MOSS Forum

Ask Question   UnAnswered
Home » Forum » MOSS       RSS Feeds

Block from subsites

  Asked By: Reina    Date: Jul 20    Category: MOSS    Views: 1435

I've created an Intranet site (https://intranet.site.com), and a council
site at (https://intranet.site.com/council). I setup a group called
"council" that's allowed to view the /council site, but now those users
can view the top level site too.

How can I block that access?

(using MOSS 2007, MS SQL 2008, Windows 2008)



8 Answers Found

Answer #1    Answered By: Trupti Patil     Answered On: Jul 20

Blocking access to the root of a site  collection is a horrible idea.
There are a lot of resources (like the web part gallery, for instance)
that are shared site collection wide and users need access to the root
of the site collection for things to work correctly. You can work with
the permissions to kind of do what you're trying to do, but it's nearly
impossible to do well and often it leads to weird errors.

The site collection is the security boundary in SharePoint. Your
situation is one of the best examples of when you should create a new
site collection instead of a web (subsite).

Answer #2    Answered By: Marlena Noble     Answered On: Jul 20

I'm in the process of creating another site
collection, but at the create screen it does not show my Custom site
template that I've uploaded.

I verified that it was uploaded. This works fine if I create a site  off
of the top  level site.

Answer #3    Answered By: Juan Davis     Answered On: Jul 20

Custom Templates are uploaded to the Template Gallery at the root of a site
collection. site  Collections are built from definitions that are stored on the
file system of the SharePoint server. If you want to use your custom template to
create a Site Collection you will need to make it into a definition and deploy
it. Not sure how to do this, but that would be the process.

Answer #4    Answered By: Glenda Roth     Answered On: Jul 20

Stsadm -o addtemplate

Will add an ".stp" file to the global template gallery.


The procedure in outline would be:

1) build a site  that has the form you want
2) save as a template
3) download as ".stp" file
4) upload .stp file to web front end
5) run stsadm -o addtemplate pointing to the .stp file
6) run iisreset

The template should then be available when you create a site collection in
Central Administration.

Answer #5    Answered By: Uttam Vanjare     Answered On: Jul 20

Exactly right. Adding an STP to a site  Collection's site template
gallery only makes it available to webs in that site collection. It is
not available in any other site collections.

Having a farm administrator add the STP with STSADM will add it to the
farm, making it available to all the site collections in that farm.

Answer #6    Answered By: Jack Carroll     Answered On: Jul 20

One more question. When I created  the second site  collection it created
it under /sites (site is now /sites/council). I'd like to redirect it to
Council.site.com . Can I do that straight from IIS 7 or do I need change
it in MOSS 2007?

Answer #7    Answered By: Chandrabhan Agarkar     Answered On: Jul 20

For the real URL to be council.site.com you'll need a new web
application (using a host header most likely) instead of just a new site

Answer #8    Answered By: Lonnie Cohen     Answered On: Jul 20

I thought that the top-level access Todd mentions is provided by the
"Limited Access" permission level, which is automatically granted at the top
level when (e.g.) read permissions are granted at a lower level. "Limited
Access" is supposed to give access to the web parts, themes, and other
necessary components without giving access to the actual pages at higher
levels. That would suggest that the "council" group  could be added to the
/council site, and have "Read" access removed from the top-level site,
leaving only "Limited Access", without problems.

We haven't actually tried blocking access at the top  level; we simply made
the top-level site  a bland public introduction, and put into subsites
everything that needed to have restricted access. Of course, that may not
work as a retrofit for the OP.

Didn't find what you were looking for? Find more on Block from subsites Or get search suggestion and latest updates.